Talks will be recorded and posted to YouTube after the conference, unless the speaker does not want to be recorded. Personal recordings are prohibited.
Schedule is subject to change.
Talks from CackalackyCon 1 - 2019 are available on YouTube.
-
Friday
-
17:00 | Registration Opens
-
18:00 | Opening Remarks, Side Event Intros
-
18:30 | Badge Talk
Why our badge rocks and what you can do with it.
-
19:00 | Ray Doyle (@doylersec) - Password Attacks 101: Exploiting Human Weaknesses
It may come as no surprise, but humans are bad at passwords. Passwords are complicated, hard to remember, and always seem to get compromised.
In this talk, I'll cover a brief history of passwords, the different types of password cracking and attacks, the psychology behind password attacks, and why understanding these attacks and weaknesses is so important. Special attention will be given to demos related to effective hash cracking techniques and an introduction to toolsets for making the process as efficient and effective as possible.
From breaking into companies due to the Ashley Madison data dump (yup, there's a story there), to a decade+ old password list, password cracking will always be a threat for any system that still uses passwords.
For offensive security pros, you will hopefully walk away with a newfound vigor for password attacks (or a few new techniques). Defenders will learn how hackers go about attacking passwords, and measures that they can take to stop or slow these attacks. And, for everyone else, come find out what makes a strong password, or how attackers can break into so many accounts!
-
20:00 | Deral Heiland - Inter-chip Communication Analysis – A deep dive look at testing and understanding end-to-end security in IoT Technology
This presentation is focused on evaluating embedded technology by approaching the examination of device security through analysis of inter-chip communication at the circuit level. As more and more IoT technology improves on communication security, we find that we can better evaluate an embedded product’s end-to-end security posture by examining the data transfer at the circuit level via inter-chip communication as data passes through an embedded device. At this circuit level, communication between microcontrollers (MCUs) is rarely encrypted; this lack of encryption of inter-chip communications can be used as an effective testing point. So, during this presentation we will be exploring inter-chip communication concepts, focusing on mapping circuit layouts, capturing and decoding communication methodologies, and evaluation of end-to-end security concepts on IoT bridging devices used for remote Internet access to devices leveraging non-routable protocols. I will also be introducing Akheron proxy, a proof-of-concept UART proxy tool used for capture, replay, and basic fuzzing of inter-chip serial communication.
-
21:00 | Philip Young, aka Soldier of FORTRAN - Buffer Overflows? In my Mainframe?
Once thought impossible is now possible! In the early 2020s an enterprising young mainframe hacker figured out how to do mainframe buffer overflows. For decades we've heard that mainframes are safer because buffer overflows aren't possible. Turns out that was wrong. This talk will walk you through the history of mainframe hacking, mainframe buffer overflows in C and HLASM, finding them, digging in the memory (no ASLR here), and how to do RCE against a mainframe target; it's harder than you think thanks to EBCDIC. We'll be using a public domain mainframe operating system to show how this is possible and giving out a Docker container which trains you how to find buffer overflows and exploit them. After this talk attendees will have an understanding of mainframe hacking, MVS registers and buffer overflows.
-
22:00 | Party Starts
Don't look here, get your ass to the party in the hotel bar!
-
Saturday
-
09:00 | Registration Re-Opens
-
09:50 | Opening Remarks
-
10:00 | OCL Nonprofit Directors Patrick McNeil, Jeremy Thomas, & Tom Crouse accompanied by member Alek Sun - Past, Picking, and Future: A Locksport Panel
This year we'll open the Lockpick Village with a special panel talk from Oak City Locksport (OCL). The Village will open immediately following the talk.
Our panel will discuss topics such as:
- How OCL started and why we chose to go on our own journey
- How newcomers can get started, figure out what is going on with a lock, and be successful
- Our favorite tools and training equipment, as well as those to stay away from
- Locks that we actually recommend
- Physical security tips and tricks
-
11:00 | Prof Farnsworth - Hacking for a cause is a cause for concern
Hackers have always had philosophies and justifications for their actions, going back to the original hacker ethic and hacker manifesto of the 80s. As technology change democratized global access to the Internet, the drivers for hacking began to include religious, political, and nationalist ideals. These interests led to differences in target selection and attack methods in order to further individual or nation-state interests. This presentation will explore the use of hacking and cyberattacks for both nation-state and non-nation-state backed hacks using empirical data in order to illustrate the ways that these hacks operate and differ from traditional economic or challenge-based motivations. In particular, this talk will explore the factors associated with web defacements affecting US-based IP addresses over a five-year period. Additionally, this presentation will examine attacks identified in the Extremist CyberCrime Database (ECCD), an open-source repository of cyberattacks performed since 1998. The differences in attacks stemming from racially and ethnically motivated (REM) hackers, as well as environmental and animal-focused ideologies, jihadists, and other beliefs will also be examined. Finally, this presentation will examine the ways these attacks differ from nation-state sponsored cyberattacks in both quality and quantity. Attendees will gain an appreciation for trends in ideologically-motivated attacks, their frequency and quality relative to traditional attacks, and leave with potential strategies to secure their operational environments from these threats.
-
12:00 | Michael Rudden - Parkalot - Extended Edition
As many American cities move to replace manual coin-fed parking meters with applications and kiosks, a lot of the old strategies for keeping your parking fare up to date like “feeding the meter” are no longer usable. However, different states have different license plate syntax rules, which can be used to work around hard-coded limitations in at least one major application to simulate a more manual and traditional parking meter experience. This talk is specifically about the quirks of North Carolina license plates and Raleigh's parking systems.
This talk was originally a ten-minute lightning talk at ShmooCon 2023 but I would like to expand upon the original premise (above) to also talk about the systems thinking that goes into parking and transportation networks. Systems thinking, much like in technology, is part of how modern cities design their transportation network. Parking is one way to meet the need of getting someone to where they want to be. I will draw parallels between Raleigh’s parking network and what information security professionals think about and experience in their day-to-day job.
-
12:30 | Lunch (The hotel restaurant will have a delicious BBQ buffet available for ~$20)
-
14:00 | Michael Goetzman - Cyberpunk to Solarpunk: Actionable Guidance from a hacker for hope into the future
As society seemingly is trending towards a cyberpunk dystopian future, what is our responsibility as cybersecurity professionals and hackers to ensure a more positive utopian future?
Cyberpunk originated in the 1950-1980’s as a cultural genre that deliberately rebelled against the science-fictional techno-utopian future, pointing out that the rapid development of technology, rise of corporate power, technological warfare, overreaching governments, and anthropogenic mastery of the environment had serious flaws as a blueprint for the future. Yet that future, imagined thirty years ago, is beginning to live out this 1980s prediction of the future.
In this presentation, I argue that there is a better direction, a Solarpunk cultural genre, that cybersecurity professionals and hackers can guide society TODAY with sociopolitical critiques of cyberpunk into the 21st century. I’ll provide actionable content daring the audience to imagine a future beyond "the cyberpunk continuum" and working towards a utopia for all. I’ll demonstrate how I’ve evolved my personal life with said actions.
-
15:00 | Qasim Ijaz - Feature or a Vulnerability? Tales of an Active Directory Pentest
This talk is a summation of stories from my recent penetration tests inside Active Directory networks. I will use this time to discuss common methods I have used to obtain initial access inside Active Directory environments, the features that paved the way to lateral movement, and vulnerabilities that escalated me to Domain Admin. This talk is laid out in a way that benefits both entry-level and experienced penetration testers. The content is for both blue and red teamers looking to better understand common Active Directory configurations that can lead to compromise. It has everything from memes to kerberoasting, with a pinch of humor (no dad jokes, I promise).
-
16:00 | Steve Myrick - Building a Free AppSec Pipeline
Not every scrappy startup or community project has the ability to drop hundreds of thousands of dollars on the latest and greatest enterprise-grade application security tooling, but that shouldn’t stop them from automatically securing their code. There are many open-source tools that, if properly configured together, can provide quick and actionable results for developers. It’s possible to create a free AppSec pipeline that lets developers focus on getting to market with a secure product instead of fighting fires once the first responsible disclosure comes in.
We’ll talk through a developer’s options when it comes to free SAST, DAST, SCA, and vulnerability management tooling and the pros and cons of each. We’ll also touch on how to pay attention to licensing when transitioning from a good idea in someone’s home office to a sellable product. There will be some short, technical demos to preview the tools, but this is focused on open source tooling, not enterprise software.
-
17:00 | Chris Horner - Protecting Your Personal Information From People Like Me
As a pentester, some of my assignments include a social engineering component. This presentation shows examples of what kind of information is online about people and companies, how I find and use that information in social engineering campaigns, and most importantly how to take back some level of control of the information to protect privacy. Most of it is focused on personal privacy - how this information got out there in the first place, why it's not a good thing, how to find and delete it, all mixed in with my personal experience of going through this process.
-
18:00 | Dinner (Not Provided by the conference - Hotel Restaurant will be open)
-
19:30 | c4m0ufl4g3 - Injectyll-HIDe: All Your Keyboards Are Belong To Us
Welcome to the world of Injectyll-HIDe! This isn’t the typical hardware HID implant that you have come to know and love. Utilizing different technologies and unique tactics, we have created a customizable and scalable platform for use in modern Red Team engagements. Live demos will be performed. Keystrokes will be logged and injected. Shells will be popped. Fears may be realized.
Attendees will learn how to create and customize their own implant using our open-source plans and how to deploy our implant anywhere a keyboard can go. Audience participation is highly encouraged.
-
20:00 | threlfall - What the EDR Doing? Using eBPF and anomaly detection to confidently write and deploy malware.
We'll use machine learning to perform anomaly detection on system calls to instrument the behavior of a process, namely an EDR such as CrowdStrike.
Beginning with a primer on eBPF and unsupervised learning, we'll deploy an eBPF program to monitor a process, letting us uncover precisely what makes it tick so that we can craft our malware and attack strategies accordingly. We'll pass all this data through machine learning tools such as TensorFlow, and use the outputs to guide our decision making.
Later we'll cover other use-cases in this exciting new area of technology for defense, offense and reversing - the possibilities are near endless!
-
21:00 | Hacker Trivia
Do you know the most useless shit about hacking or hackers? Let the games begin.
-
22:00 | Hacker Swan
-
Sunday
-
09:00 | Registration Re-Opens
-
09:20 | Opening Remarks
-
9:30 | Melodie Wilson - AppSec Mods: Using the Right Building Blocks for the Job, from Big Data to Games
Application Security best practices are not static - they need to be adapted and modified to fit the industry, the size of the business, and what assets you need to protect.
In this talk, we will take a journey through different real life scenarios discussing how to place the building blocks of an AppSec program in the right order - and at the right time.
-
9:30 Track 2 | Ms Mouse - Does this URL work for you? http://0216.0xfb.41833/
Does this URL work for you? http://0216.0xfb.41833/
-
10:00 | Griffin Francis - Uncovering Vulnerabilities: An Introduction to Bug Bounty Programs
This presentation will provide an introduction to the concept of bug bounty programs and their role in identifying and mitigating vulnerabilities in software systems. The first section of the presentation will cover the basics of what bug bounty programs are and how they work, including an overview of the types of rewards that are typically offered to participants. The second section will delve into the benefits of bug bounty programs for both companies and individuals, including increased security for systems and the opportunity for researchers to earn recognition and financial rewards for their work. The final section will touch on best practices for companies looking to implement a bug bounty program and tips for individuals looking to participate in one.
-
10:00 Track 2 | Joe Schottman - Cargo Cults (A Short History Of)
Charles Babbage famously said he’d been asked, “'Pray, Mr. Babbage, if you put into the machine wrong figures, will the right answers come out?' I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question.” But what if you could put slightly correct figures in and still get the correct answer (or at least answers that appear to be the right ones)?
This talk explores a little-known phenomenon in the Pacific region, how Richard Feynman (mis)used the term to describe problems in science, its subsequent mutation into a computer science term, and how reliance on automated security tools and rituals parallels all of the above.
This talk was inspired by the history of the lock talk a few years ago at CarolinaCon. It’s designed to be infotainment and leave audience members a little more knowledgeable about the world as well as having food for thought on trying to help improve security practices. And might just give them what they need to win bar trivia one day.
-
11:00 | %00handle (Jason Kent) - IOCs in your APIs
As APIs are being utilized to normalize data transfer from various application endpoints and 3rd party resources we have created interconnectivity that invites attacks. Instrumenting one's self to ensure data integrity and security can be the difference between a minor incident and a major data breach. In this talk I will discuss what my research has shown about Indicators of Compromise that already exist in your APIs. I will go over recent attacks that we have fended off as well as those that have been observed at other organizations. Within this discussion will be how to instrument yourself to pull the indicators from the data.
-
11:00 Track 2 | Dom Lutz - Why spoof, when you can ȯwn?
Homoglyph attacks seem to come up every few years in security blogs. Replace (INSERT CHARACTER HERE) with a nearly identical, rarely used Unicode character, and voila you have a string that might fool an unsuspecting party. It's like typosquatting, but the difference between the real string and the homoglyph will likely be harder to spot than a misspelling or extra letter. This talk will cover use cases, real world examples, and a tool I am working on to easily identify discreet homoglyph URLs for your org.
-
11:30 Track 2 | Savvyjuan - Obfuscation in Plain Sight
Discussing leveraging a normal, non-malicious-looking PowerShell script to hide malicious payloads in a separate file through encryption to mask the combinations of execution commands and web request commands to avoid detection.
-
12:00 | pledge - Automating disc media archival
You might be motivated to build a content library. In this talk, I will overview how the depreciated physical media of yesteryear works along with some laws that support you in your quest to back up your discs. From minimum hardware to at-scale solutions, we'll discuss ways for you to turn a stack of old discs into portable files compatible with your favorite media player. An introduction
-
12:00 Track 2 | Ashley (Fn00b) & Will Ogle - Hacking your Way to a Career in Cybersecurity
This presentation will cover the steps and strategies needed to launch a successful career in cybersecurity. Attendees will learn about the education and certifications required for various cybersecurity roles, as well as tips for gaining experience and networking in the industry. The presentation will also explore different types of jobs available in cybersecurity and how to tailor a resume for these roles. With a focus on practical advice and real-world examples, this presentation will provide attendees with the tools and knowledge they need to "hack" their way into a career in cybersecurity.
-
12:50 | Lunch (The hotel restaurant will have a delicious Italian buffet available for ~$20)
-
14:00 | Nader Zaveri - Old Services, New Tricks: Cloud Metadata Abuse by Threat Actors
Mandiant has identified exploitation of public-facing web applications by threat actors (UNC2903) to harvest and abuse credentials using Amazon’s Instance Metadata Service (IMDS).
-
14:00 Track 2 | Carlota Sage & Josh Wyatt - From Scapegoat to G.O.A.T.: The Evolving Role of the CISO
With the perception that CISOs impede business, R&D and finance more than they help, it's not surprising the average tenure of a CISO is 18-24 months. Carlota Sage and Josh Wyatt (and any other CISO they pick up this weekend!) will take a look at what those CISOs get wrong and how the role is changing, especially post-Uber verdict and with the emergence of ChatGPT, AI and virtual reality.
-
15:00 | Manny Landron - AWS Security Reference Architecture: A Well-Structured Foundation
The AWS Security Reference Architecture (AWS SRA) is a holistic set of guidelines for deploying the full complement of AWS security services in a multi-account environment. It can be relied upon to help design, implement, and manage AWS security services so that they align with industry-accepted practices. The recommendations are built around a single-page architecture that includes AWS security services. In this session, learn about the AWS SRA and how you and your team might rely on the AWS SRA to design and secure your cloud-hosted workloads. Also learn how they help achieve security objectives, where they can be best deployed and managed in your AWS accounts, and how they interact with other security services.
-
15:00 Track 2 | Buffalo Overflow - International privacy laws and the art of log analysis
Logs and netflows, oh my! We do want to know who is probulating our servers and other devices. We centralize this collected data, analyze it, and act upon it. Things get exciting when our organization has offices all over the world. Things get even more exciting when our organization is composed of international organizations joined together for a project. How can we defend something if we do not know it is under attack? Those pesky international privacy laws are hampering our style. Or, are they? Let's see if we make enough sense of them so we can keep our security monitoring stack well fed.
-
16:00 | Closing Remarks and Awards
All our thanks and awards to those true hackers
-
Bye Everyone, See you next year!